From 7ba6a52dd0e4e3b0ee375044ef5c0e32169912e9 Mon Sep 17 00:00:00 2001
From: Hugo Gonzalez
Date: Wed, 18 Jan 2017 23:23:25 +0100
Subject: [PATCH] Always use TLS for ldap user driver

---
 root/ldapuserdriver/ldapuserdriver.go | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/root/ldapuserdriver/ldapuserdriver.go b/root/ldapuserdriver/ldapuserdriver.go
index f3d742f..6ce43cb 100644
--- a/root/ldapuserdriver/ldapuserdriver.go
+++ b/root/ldapuserdriver/ldapuserdriver.go
@@ -5,6 +5,7 @@ import (
 )
 import (
+ "crypto/tls"
 "github.com/clawio/clawiod/root"
 "github.com/go-kit/kit/log/levels"
 "gopkg.in/ldap.v2"
@@ -41,7 +42,7 @@ func New(logger levels.Levels,
 }
 func (c *driver) GetByCredentials(username, password string) (root.User, error) {
- l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", c.hostname, c.port))
+ l, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.hostname, c.port), &tls.Config{InsecureSkipVerify: true})
 if err != nil {
 c.logger.Error().Log("error", err)
 return nil, err
@@ -49,15 +50,6 @@ func (c *driver) GetByCredentials(username, password string) (root.User, error)
 defer l.Close()
 c.logger.Info().Log("msg", "connection stablished")
- // Reconnect with TLS
- /*
- err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
- if err != nil {
- c.logger.Error().Log("error", err)
- return nil, err
- }
- */
-
 // First bind with a read only user
 err = l.Bind(c.bindUsername, c.bindPassword)
 if err != nil {
@@ -69,7 +61,6 @@ func (c *driver) GetByCredentials(username, password string) (root.User, error)
 searchRequest := ldap.NewSearchRequest(
 c.baseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
- //fmt.Sprintf("(&(objectClass=user)&(samaccountname=%s))", username),
 fmt.Sprintf(c.filter, username),
 []string{"dn"},
 nil,
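Review bot: The new `ldap.DialTLS` call in the `@@ -41,7 +42,7 @@` hunk passes `&tls.Config{InsecureSkipVerify: true}`, so the certificate the LDAP server presents is never checked; anyone who can answer on that host and port is accepted as the directory and receives the service-account credentials from the `l.Bind(c.bindUsername, c.bindPassword)` call in the next hunk, and presumably the user's password in the later bind that the "binding ok" hunk follows. The minimal fix is to verify against the system roots for the configured host, `l, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.hostname, c.port), &tls.Config{ServerName: c.hostname})`, and where the directory uses a private CA, load its certificate into `RootCAs` from configuration instead of disabling verification; if an opt-out is genuinely needed it should be an explicit config flag that defaults to off. Replacing `Dial` with `DialTLS` also changes what `c.port` must point at, from the plaintext LDAP port to the LDAPS one; the `New` constructor that sets it is outside the hunk, so its default and the deployment configuration need checking. GetByCredentials continues past the end of this hunk.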
@@ -96,6 +87,7 @@ func (c *driver) GetByCredentials(username, password string) (root.User, error)
 c.logger.Error().Log("error", err)
 return nil, err
 }
+ c.logger.Info().Log("msg", "binding ok")
 // TODO(labkode) Get more attrs from LDAP query like email and displayName at least
 u := &user{
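Review bot: The added `c.logger.Info().Log("msg", "binding ok")` records an authentication success without naming the principal, so the log cannot be used to tell which account a run of successful binds belongs to; include the username and never the password, e.g. `c.logger.Info().Log("msg", "user bind ok", "username", username)`. The bind this line reports on is above the hunk, so I cannot tell whether it is the read-only service bind or the user bind; if it is the user bind the message should say so, since the two events mean different things to whoever monitors these logs. GetByCredentials starts and ends outside this hunk.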